diff --git a/epmet-auth/src/main/java/com/epmet/service/impl/SsoServiceImpl.java b/epmet-auth/src/main/java/com/epmet/service/impl/SsoServiceImpl.java
index 724bc1d7a4..334219f20f 100644
--- a/epmet-auth/src/main/java/com/epmet/service/impl/SsoServiceImpl.java
+++ b/epmet-auth/src/main/java/com/epmet/service/impl/SsoServiceImpl.java
@@ -16,7 +16,6 @@ import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.security.dto.TokenDto;
-import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.*;
 import com.epmet.constant.SsoConstant;
 import com.epmet.dto.*;
@@ -33,18 +32,16 @@ import com.epmet.redis.SsoRedis;
 import com.epmet.service.SsoService;
 import com.epmet.service.ThirdLoginService;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
+import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.util.EntityUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
@@ -205,104 +202,80 @@ public class SsoServiceImpl implements SsoService {
 CloseableHttpClient httpclient = null;
 CloseableHttpResponse response = null;
 UserTokenResultDTO userTokenResultDTO = null;
- try {
- httpclient = HttpClients.createDefault();
- HttpPost httpPost = new HttpPost(SsoConstant.TICKET_TOKEN_URL);
- JSONObject infoJson = new JSONObject();
- infoJson.put("ticket", form.getTicket());
- StringEntity stringEntity = new StringEntity(infoJson.toString(), "UTF-8");
- stringEntity.setContentEncoding("UTF-8");
- stringEntity.setContentType(MediaType.APPLICATION_JSON_VALUE);
- httpPost.setEntity(stringEntity);
+ httpclient = HttpClients.createDefault();
+ HttpPost httpPost = new HttpPost(SsoConstant.TICKET_TOKEN_URL);
+ MultipartEntityBuilder builder = MultipartEntityBuilder.create();
+ builder.setCharset(StandardCharsets.UTF_8);
+ builder.addTextBody("ticket", form.getTicket());
+ HttpEntity entity = builder.build();
+ httpPost.setEntity(entity);
+ response = httpclient.execute(httpPost);
+ JSONObject result = JSONObject.parseObject(EntityUtils.toString(response.getEntity()));
+ if (result.getString("code").equals("200")) {
+ String ticket = result.getString("data");
+ String timestamp = String.valueOf(System.currentTimeMillis());
+ String nonce = RandomUtil.randomString(18);
+ httpPost = new HttpPost(SsoConstant.USER_INFO_URL);
+ builder = MultipartEntityBuilder.create();
+ builder.setCharset(StandardCharsets.UTF_8);
+ builder.addTextBody("loginId", ticket);
+ builder.addTextBody("timestamp", timestamp);
+ builder.addTextBody("nonce", nonce);
+ builder.addTextBody("sign", Md5Params(ticket, timestamp, nonce));
+ httpPost.setEntity(builder.build());
 response = httpclient.execute(httpPost);
- HttpEntity entity = response.getEntity();
- if (entity != null) {
- EntityUtils.toString(entity, "UTF-8");
- }
- JSONObject result = JSONObject.parseObject(EntityUtils.toString(entity));
+ result = JSONObject.parseObject(EntityUtils.toString(response.getEntity()));
 if (result.getString("code").equals("200")) {
- String ticket = result.getString("data");
- String timestamp = String.valueOf(System.currentTimeMillis());
- String nonce = RandomUtil.randomString(18);
- httpPost = new HttpPost(SsoConstant.USER_INFO_URL);
- infoJson = new JSONObject();
- infoJson.put("loginId", ticket);
- infoJson.put("timestamp", timestamp);
- infoJson.put("nonce", nonce);
- infoJson.put("sign", Md5Params(ticket, timestamp, nonce));
- String params = DigestUtils.md5Hex(infoJson.toString().getBytes(StandardCharsets.UTF_8));
- stringEntity = new StringEntity(params, "UTF-8");
- stringEntity.setContentEncoding("UTF-8");
- stringEntity.setContentType(MediaType.APPLICATION_JSON_VALUE);
- httpPost.setEntity(stringEntity);
- response = httpclient.execute(httpPost);
- entity = response.getEntity();
- if (entity != null) {
- EntityUtils.toString(entity, "UTF-8");
- }
- result = JSONObject.parseObject(EntityUtils.toString(entity));
- if (result.getString("code").equals("200")) {
- JSONObject data = JSONObject.parseObject(result.getString("data"));
- String mobile = data.getString("phone");
- String password = data.getString("password");
- //1、根据手机号查询政府端工作人员基本信息,校验用户是否存在
- Result> staffData = epmetUserFeignClient.checkCustomerStaff(mobile);
- String customerId = "";
- String userId = "";
- if (null != staffData && staffData.getData().size() > 0) {
- //2、根据客户Id和手机号查询登陆用户信息(代码逻辑来源于web端登陆接口)
- CustomerStaffDTO staffDTO = staffData.getData().get(0);
- customerId = staffDTO.getCustomerId();
- userId = staffDTO.getUserId();
- GovWebOperLoginFormDTO checkDto = new GovWebOperLoginFormDTO();
- checkDto.setCustomerId(staffDTO.getCustomerId());
- checkDto.setMobile(staffDTO.getMobile());
- GovWebOperLoginResultDTO resData = epmetUserFeignClient.getStaffIdAndPwd(checkDto).getData();
- if (null == resData || null == resData.getUserId()) {
- log.warn("根据手机号查询PC工作端登陆人员信息失败,返回10003账号不存在");
- throw new EpmetException(EpmetErrorCode.ERR10003.getCode());
- }
- //3、未禁用enable,已禁用disabled
- if ("disabled".equals(resData.getEnableFlag())) {
- throw new EpmetException(EpmetErrorCode.GOV_STAFF_DISABLED.getCode(),
- String.format("当前账号已被禁用staffId:%s", resData.getUserId()),
- EpmetErrorCode.GOV_STAFF_DISABLED.getMsg());
- }
- GovWebOperLoginResultDTO resultDTO = resData;
- //4.密码是否正确
- if (!PasswordUtils.matches(password, resultDTO.getPassWord())) {
- log.warn("登陆密码错误");
- throw new EpmetException(EpmetErrorCode.ERR10004.getCode(), "登陆密码错误!");
- }
+ JSONObject data = JSONObject.parseObject(result.getString("data"));
+ String mobile = data.getString("phone");
+ //1、根据手机号查询政府端工作人员基本信息,校验用户是否存在
+ Result> staffData = epmetUserFeignClient.checkCustomerStaff(mobile);
+ String customerId = "";
+ String userId = "";
+ if (null != staffData && staffData.getData().size() > 0) {
+ //2、根据客户Id和手机号查询登陆用户信息(代码逻辑来源于web端登陆接口)
+ CustomerStaffDTO staffDTO = staffData.getData().get(0);
+ customerId = staffDTO.getCustomerId();
+ userId = staffDTO.getUserId();
+ GovWebOperLoginFormDTO checkDto = new GovWebOperLoginFormDTO();
+ checkDto.setCustomerId(staffDTO.getCustomerId());
+ checkDto.setMobile(staffDTO.getMobile());
+ GovWebOperLoginResultDTO resData = epmetUserFeignClient.getStaffIdAndPwd(checkDto).getData();
+ if (null == resData || null == resData.getUserId()) {
+ log.warn("根据手机号查询PC工作端登陆人员信息失败,返回10003账号不存在");
+ throw new EpmetException(EpmetErrorCode.ERR10003.getCode());
 }
- //5.生成token存到redis并返回
- userTokenResultDTO = new UserTokenResultDTO();
- userTokenResultDTO.setCustomerId(customerId);
- String token = generateToken(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId);
- userTokenResultDTO.setToken(token);
- disposeTokenDto(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId, token, customerId);
- // 6.发送登录事件
- try {
- SpringContextUtils.getBean(ThirdLoginService.class).sendLoginEvent(userId, "数字社区登录",
- AppClientConstant.APP_GOV,
- AppClientConstant.CLIENT_SSO,
- AuthOperationConstants.LOGIN);
-
- } catch (Exception e) {
- log.error("【数字社区web端登录】发送登录事件失败,程序继续执行。错误信息");
+ //3、未禁用enable,已禁用disabled
+ if ("disabled".equals(resData.getEnableFlag())) {
+ throw new EpmetException(EpmetErrorCode.GOV_STAFF_DISABLED.getCode(),
+ String.format("当前账号已被禁用staffId:%s", resData.getUserId()),
+ EpmetErrorCode.GOV_STAFF_DISABLED.getMsg());
 }
 }
- } else {
- log.error("校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息", result.getString("msg"));
- throw new EpmetException(EpmetErrorCode.ERR10008.getCode(), "校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息");
- }
- } catch (Exception e) {
- e.printStackTrace();
- } finally {
- if (null != httpclient) {
- httpclient.close();
- response.close();
+ //5.生成token存到redis并返回
+ userTokenResultDTO = new UserTokenResultDTO();
+ userTokenResultDTO.setCustomerId(customerId);
+ String token = generateToken(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId);
+ userTokenResultDTO.setToken(token);
+ disposeTokenDto(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId, token, customerId);
+ // 6.发送登录事件
+ try {
+ SpringContextUtils.getBean(ThirdLoginService.class).sendLoginEvent(userId, "数字社区登录",
+ AppClientConstant.APP_GOV,
+ AppClientConstant.CLIENT_SSO,
+ AuthOperationConstants.LOGIN);
+
+ } catch (Exception e) {
+ log.error("【数字社区web端登录】发送登录事件失败,程序继续执行。错误信息");
+ }
 }
+ } else {
+ log.error("校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息", result.getString("msg"));
+ throw new EpmetException(EpmetErrorCode.ERR10008.getCode(), "校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息");
+ }
+ if (null != httpclient) {
+ httpclient.close();
+ response.close();
 }
 return userTokenResultDTO;
 }
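Review bot: Dropping the try/finally leaves `httpclient` and `response` unclosed on every exception path — the ERR10003, GOV_STAFF_DISABLED and ERR10008 throws and any IOException from `execute` now bypass the `httpclient.close()` near the end of the hunk, so each failed login leaks a client and its connection. A try/finally around the body (below) restores the cleanup without bringing back the old `catch (Exception e)` that swallowed those EpmetExceptions; the first `response` is likewise overwritten by the second `execute` without being closed, so close it before the reassignment. Separately, when `staffData` is null or empty the code still falls through to step 5 and issues a token with `userId` and `customerId` both `""`; unless `generateToken`/`disposeTokenDto` reject an empty id, the unregistered-phone case should throw (ERR10003 fits) before any token is generated. `result.getString("code").equals("200")` also throws NPE on a reply without `code`; `"200".equals(result.getString("code"))` is the null-safe form. The enclosing method's signature and the `form` parameter lie before the hunk.
```java
        CloseableHttpClient httpclient = null;
        CloseableHttpResponse response = null;
        UserTokenResultDTO userTokenResultDTO = null;
        try {
            httpclient = HttpClients.createDefault();
            // … unchanged: ticket exchange, signed user-info request, staff lookup, token issue …
        } finally {
            // runs on the EpmetException paths too; response is still null if execute() failed
            if (null != response) {
                response.close();
            }
            if (null != httpclient) {
                httpclient.close();
            }
        }
        return userTokenResultDTO;
```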
@@ -314,17 +287,15 @@ public class SsoServiceImpl implements SsoService {
 * @return
 */
 private String Md5Params(String loginId, String timestamp, String nonce) {
- String prefix = "=${";
- String suffix = "}&";
+ String suffix = "&";
 StringBuilder builder = new StringBuilder();
- builder.append("loginId").append(prefix).append(loginId).append(suffix);
- builder.append("nonce").append(prefix).append(nonce).append(suffix);
- builder.append("timestamp").append(prefix).append(timestamp).append(suffix);
- builder.append("key").append("={").append(SsoConstant.SECRET_KEY).append("}");
+ builder.append("loginId=").append(loginId).append(suffix);
+ builder.append("nonce=").append(nonce).append(suffix);
+ builder.append("timestamp=").append(timestamp).append(suffix);
+ builder.append("key=").append(SsoConstant.SECRET_KEY);
 return SecureUtil.md5(builder.toString());
 }
-
 /**
 * @Description token放缓存
 * @Param formDTO
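Review bot: The layout of the signed string is a contract with the SSO server's verifier, yet the Javadoc's `@return` is left empty, so the next edit to the field order or separator will break `USER_INFO_URL` calls silently; fill it in with `@return MD5 (hex, as SecureUtil.md5 produces) of "loginId=<id>&nonce=<nonce>&timestamp=<ts>&key=<SECRET_KEY>", the sign field expected by USER_INFO_URL`. A one-line `// field order and "&" separators must match the SSO server's signature check` above the StringBuilder would carry the same warning at the code. As a point of style, `Md5Params` should be lowerCamelCase (`md5Params`), though the rename also touches its caller in the login method. The method's Javadoc header begins before the hunk.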